Tags: data retention
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: The EU adopted a directive on the retention of data regarding the communications, movements and use of media of all 365 million EU citizens. The struggle is now continuing on the national levels, and privacy groups are preparing legal, political and technical challenges to this surveillance scheme. A year ago, the European ministers of justice and home affairs struck a deal with the European parliament and the commission according to which personal data regarding the communications, movements and use of media of all 365 million EU citizens is to be collected and stored for up to two years. While the EU directive 2006/24 EG on data retention entered into force in May 2006, the struggle is continuing. The panel of three key anti-data retention activists will present to you the latest political and legal developments in this field in Europe and overseas. Two antagonistic trends can be observed: On the one hand, some member states such as Denmark have started the implementation process, as expected with a broader scope of data to be stored than is required by the directive. The United States is also moving towards data retention, and hardware vendors are preparing to sell the necessary surveillance equipment to telcos and ISPs. On the other hand, the opposition against this step towards a police state is growing. A number of EU member states have announced that they will postpone the retention of internet traffic data. The Irish government is challenging the entire directive before the European Court of Justice. Privacy groups are preparing legal, political and technical challenges.

Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities have been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in the IcedTea-Web web browser plugin. A malicious web page could use this flaw to make the IcedTea-Web browser plugin pass an invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by the browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to a buffer over-read or over-write, resulting in a possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version, which is not affected by these issues.

This Metasploit module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The show_daemon_xml_configs() function in the 'ZenossInfo.py' script calls Popen() with user controlled data from the 'daemon' parameter.

This Metasploit module uploads an executable file to the victim system, creates a share containing that executable, creates a remote service on each target system using a UNC path to that file, and finally starts the service(s). The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash.

This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability is due to the insecure usage of sprintf in the SetSource method: when handling a specially crafted sURL argument, it allows triggering a stack-based buffer overflow, which leads to code execution under the context of the user visiting a malicious web page.

This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.

Secunia Security Advisory - Brendan Coles has discovered a weakness and multiple vulnerabilities in Zenoss, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to conduct spoofing and cross-site request forgery attacks.

Red Hat Security Advisory 2012-1139-01 - The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS requests for use in LDAP queries. A remote attacker able to send DNS queries to a named server that is configured to use bind-dyndb-ldap could use this flaw to cause named to exit unexpectedly with an assertion failure.

Red Hat Security Advisory 2012-1141-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests.

Red Hat Security Advisory 2012-1140-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as the original reporter of this issue.

Whether you know it as a clapperboard, a slate, slate board, time slate, or by another name, you probably recognize this staple of movie making. It’s a handy way to help synchronize sound with video, and to keep track of clips when it comes time to edit. But this clapperboard is quite a bit more [...]

Authors: Thomas Biege
Tags: cryptography
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: This paper (and slides) will describe the inner workings of the random number generator (/dev/{u}random) of Linux. Additionally, some possible security flaws are shown (entropy overestimation, zero'izing the pool, etc.). Almost all cryptographic protocols depend on random (unpredictable) values to create keys, cookies, tokens, initialisation vectors, and so on. The Linux kernel (like those of other Unix flavours) provides a character device as a source of randomness. This device is the essential part that various cryptographic protocol implementations need for secure operation (conditional security), and therefore it needs special attention from security experts. This paper will give an extract of results taken from analysing the input sources used by Linux's PRNG implementation. The statistical entropy of each source and of the whole pool is calculated to get a better picture of the entropy quality during the boot process and to spot entropy overestimation by the kernel. Observations taken by process show a repeating behaviour for different system startups. This can be used by an attacker to create profiles and to simulate a more complex system. Even observations of the events generated by the block device show timing patterns between different boot sequences. To dispel developers' doubts about adding untrusted sources, two kinds of untrusted sources, low-quality and malicious, were examined. It will be shown that low-quality sources are not able to reduce the entropy that already exists in the pool but can lead to an overestimation. A more dangerous situation exists in the presence of a malicious source, which is theoretically able to make the mixing algorithm produce a stream of zeros. The goal of this work is not to show a practical attack against the random device but to provide more transparency and to ease further analysis.

Authors: Joi Ito
Tags: games
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: This talk will focus on World of Warcraft, the most popular MMORPG. There will be a brief overview of the game, guilds and guild management, tools and social issues. Other technologies and the possible future of MMORPGs and their impact will be discussed. Video, images and examples will be used to describe why World of Warcraft is so compelling. First hand experience and comparisons with experiences and theory from other types of organizations will be used to describe the dynamics of a guild and what we can learn from guild and guild management. Socialization, ranks, personality types, rewards, rules, governance, promotion, recruiting, evolution and out-of-game activities will be discussed among other attributes. The current technology, supporting technology and possible future technologies will be explored to try to map the future of MMORPGs.

Authors: Annalee Newitz
Tags: social
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: Why do media and industry lag behind reality when it comes to estimating women's technical and scientific abilities? That women have these abilities is obvious. The question is how to change social expectations about them. What are women doing, and what can they do, to combat pervasive myths about their inferiority as engineers and scientists? I have just completed a book-length project on female geeks, to be published in January, which is a collection of essays by women in a variety of male-dominated "geek" jobs -- everything from computer science and bioinformatics work, to comic book writing and videogame programming. I will present some of the findings from my book, looking at real-life examples of women fighting back against sexism in technical/science jobs. I'll also examine how women can help change the pop culture image of geeks as almost entirely male.

We’ve been seeing quite a few home security hacks around here lately and we think they’re a lot of fun. This is one that we missed a few weeks ago. [Sharpk] used his existing home security system as inspiration for a completely DIY security system. Above you can see the tiny models he used to [...]

[Brattonwvu] wanted to lay down some tracks with as high an audio quality as possible. To help get rid of the noise pollution of the everyday world he built this isolation booth in his attic. The project started off with a trip to the home store for some 2×4 stock and OSB to use as [...]

[Chris] continues cranking out the tutorials, this time around he’s showing how to use a CPLD for simple motor control. The demo hardware is pretty basic, he built his own FPGA/CPLD demo board a few years back which used a PLCC socket for easy interfacing. You should be able to use just about any gear [...]

[Dan] wrote in to share a link to his MythTv to Apple TV setup. He found a way to make the recordings he made on his Linux box available on the 2nd Generation Apple TV. Our first thought is that he would use XBMC on a jailbroken device but that is not the case. The [...]

The Texas Instruments MSP430 Launchpad is pretty popular in hacks, likely due to its low price. TI has recently released a new C2000 Launchpad device that offers more power and peripherals for $17. This board uses the C2000 Piccolo processor, which is meant for DSP applications. Also included is an unrestricted version of the Code [...]

I have made a ROP mitigation method and am sharing my idea with security researchers.
This method is not a perfect mitigation, but it will annoy exploit writers.
I think that part of this document may be similar to some features
of ROPGuard, which is the idea of the 2nd winner of the Bluehat Prize
contest. (I was also a Bluehat Prize contest attendant, but I am not a winner ^^)
This document will help readers understand some ROP mitigation features.
I correct...

[Jasper] sent in a project he, [Quinten], and [Mr. Stock] have been working on for a while. It’s called the Pristitrope and brings the classic 19th century paper-based animation device into the 21st century with 18 LCD displays. The lazy Susan portion of the build was fabricated out of plywood cut on a CNC router and [...]

Yeah, it's not perfect, I've had reports of it working on some systems
and not on others, it may be that some OS security mechanisms make the
exploit less potent, however that is more to do with fixing the
payload part of the exploit than the bit that exercises the GPU side.
The PoC just shows you can read/write to arbitrary memory, once you
can do that rewriting the payload bit should be possible.

Several years ago I was working in PHP regularly and trying to find
something similar to what you're looking for now. Given that up to this
point I had been using notepad exclusively (don't ask), anything was a step
up.

Another good suggestion that came off-list, for inspection of suspicious
links and sites: staged browsing using burpsuite to MitM your own browsing,
and inspect responses prior to rendering in the browser.

About TOR (I don't know if this is OT with respect to the thread subject),
which is the best configuration for a browser?

On torproject.org they strongly suggest the use of the Browser Bundle, but
personally I don't like that much the idea of running another instance
of Firefox with its own configuration. Also, reading the website, it's
possible to find...

Ubuntu Security Notice 1522-1 - It was discovered that QEMU incorrectly handled temporary files when creating a snapshot. A local attacker could use this flaw to possibly overwrite files with root privilege, or obtain sensitive information from the guest.

As a relic of the early 80s, the TRS-80 Color Computer couldn’t display very many colors. By default, the CoCo could only display 8 colors on the screen at a time, but [John] figured out a way to increase the number of colors displayed using a very simple trick that surprisingly isn’t found in original CoCo [...]

As if getting your ass handed to you while playing video games wasn’t annoying enough, [furrtek] decided that the best way to help improve his skills was by inflicting physical pain each time his on-screen character died. While perusing the Internet looking for something to break through the doldrums of the day, he came upon [...]

BioTac Artificial Skin Technology is sure to take robotics designers by storm, giving them the opportunity to add a third sense to their robotic marvels. Now they can have the sense of touch to go along with existing technologies of sight and of sound. Thanks to the technology coming out of the University of Southern [...]

Texas Instruments is trying to take the success it had with the LaunchPad and apply it to other chip architectures. The board seen above is their new C2000 Piccolo LaunchPad. It’s a development board for the F28027 chip. This 32-bit offering is a part we know nothing about. A first look shows a clock speed between 40 [...]

Here is a telepresence robot that uses an Android device and LEGO NXT parts. [Wolfgang] had an extra phone on hand and decided to put it to good use. The Mindstorm parts make it really easy to produce a small robot, and adding the phone really ups the computing and connectivity options available to him. [...]